Presentation
Since its official entry into force, the GDPR and the new applicable data protection legislation have revolutionized the professional world. The theft and misappropriation of customer data are now commonplace within companies, which are now responsible for their security.
GDPR: The General Data Protection Regulation
This new regime is understandably causing concern among companies given the considerable amount of due diligence required to comply with the rules.
All procedures for collecting and processing personal data related to commercial, HR, legal, marketing, and other databases must be analyzed, updated, and documented.
Furthermore, the Regulation, deliberately drafted in general terms, creates considerable uncertainty regarding its future implementation and interpretation.
In fact, only general principles are mentioned, without any specific details. While template documents are offered by the CNIL (French Data Protection Authority) or some professionals, they are insufficient to guarantee or justify due diligence in the event of an audit.
CNIL and personal data: a supervisory authority
In fact, the CNIL (French Data Protection Authority) has conducted a large number of audits and imposed sanctions, resulting in fines of at least tens of thousands of euros, on a wide variety of companies, ranging from large corporations to startups. Indeed, it is primarily the customers and users of these services who report potential breaches to the CNIL, thus exposing the entire professional sector.
Find the latest news related to the GDPR, with commentary from the law firm PCS Avocat:
- CNIL & Protection des données : les erreurs courantes en matière de RGPD
- Memento RGPD La documentation de traitement de données
- Dernières sanctions de la CNIL en matière de RGPD : « La rigolade, c’est terminée »
- RGPD : une sanction exemplaire de 50 millions d’euros contre Google
A significant undertaking for every company, data protection requires substantial strategic analysis and the development of appropriate documents and procedures to offer suitable and sufficient solutions in terms of guarantees and security.
Ultimately, data protection is becoming an essential area of expertise for professionals, on par with accounting, taxation, or human resources.
